oss-sec mailing list archives
Re: invalid free in GNU ed before 1.14.1
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 12 Jan 2017 13:27:09 +0100
On Thu, 12 Jan 2017 13:10:41 +0100 Florian Weimer <fweimer () redhat com> wrote:
There is red/ed -r. I wouldn't rely on it for security isolation, but the functionality does exist.
Oh, that's interesting. I can confirm that it crashes also in restricted / red (-r) mode. Therefore it should probably be considered a vulnerability. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 cve-assign (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)